Description:
A vulnerability was reported in Indexu. A remote user can include and execute arbitrary code on the target system.

Multiple administrative scripts do not properly validate user-supplied input in the 'admin_template_path' parameter. A remote authenticated administrator can supply a specially crafted URL to cause the target system to include and execute arbitrary PHP code from a remote location. The PHP code, including operating system commands, will run with the privileges of the target web service.